Hi,
I'm trying to develop a concept for a network application. As part of
the concept, I need an algorithm that would do the function in a
situation as described below:
There are pluralities of terminals that are interconnected to a
Central Office (CO). The objective is as follows: When an
information packet is sent from a terminal to the CO, the information
packet would also include a "tag key" that would allow the CO to
verify the ID of the terminal sending the information packet.
Each terminal is assigned a "private key" that is also logged at the
CO and is associated with the ID of the terminal. The terminals are
programmed to generate, by using the "private key", a plurality (i.e.
billions) of "tag keys". The "tag keys" would be unique to the "private
key" of the terminal and would be identifiable by the CO as being
generated by the "private key". When an information packet is sent to
the CO, the terminal would attach a "tag key" and the ID of the
terminal. The tag key would allow the CO to verify that the ID is
correct. Each tag key would be usable only once. The CO would
automatically create a list of tag keys that it has already received. When an
information packet is sent and it includes a "tag key" that is in the
"used" database, the CO would assume that the "tag key" has been
hijacked while being transmitted the first time to the CO, and a
forger is now trying to reuse the "tag key". The CO would reject the
information packet as a forgery.
Thus the objective is to enable a first key to generate a plurality of
second keys, the second keys being identifiable as associated with the first
key.
For example: terminal ID #303030 is assigned a private key #505050.
Using the private key the terminal generates a tag key #707070. The
terminal then sends an information packet including the terminal ID# and
the tag key. The CO verifies that the tag key is associated with
terminal ID# because it correctly corresponds to the terminal's
private key.
I need an algorithm that would do this function.
Request for Question Clarification by maniac-ga on 26 Mar 2003 18:30 PST
Hello Jon8600,
Let me make sure I understand the question & suggest a simple method -
if not adequate, please explain what more you need to ensure proper
security.
A sequence of messages
1, 2, 3, 4, ... N
will be sent from each "terminal" to the "central office". Each one
uses a "unique" tag key that is generated from a private key known to
both the specific terminal and central office (a shared secret). Reuse
of the "unique" key would imply a man-in-the-middle attack using a
playback method.
The simple method that comes to mind is to encode the sequence number
(1, 2, ...) with the private key and a reversible cipher. The central
office would decode the tag key with the private key & if the value is
"next" (allowing for network retransmits) - the message is considered
valid. You may need to combine this with some other method (e.g.,
checksums or similar) to ensure the entire message is not modified.
Perhaps use the checksum as a "salt" to help start the encode (and a
last step of the decode) sequence.
If this is what you are looking for (or not!) - please let me know so
I can provide a complete answer.
--Maniac
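The sequence-number method maniac-ga proposes above, worked through as an added example (not code from either participant): the terminal encodes an incrementing sequence number under the shared secret with a reversible cipher, and the CO decodes it and accepts only values in a small window starting at the next expected number, which tolerates retransmits and lost messages while rejecting a replayed tag. Assumptions: a 64-bit tag, a window of 8, and, because this runs on the standard library alone, an HMAC-SHA256 Feistel network standing in for a real block cipher such as AES; the key, terminal ID and sequence numbers are constructed for the demo.

```python
import hashlib
import hmac
import struct

# Constructed shared secret for one terminal (the question's "private key").
# In deployment each terminal gets its own, logged at the CO against its ID.
TERMINAL_KEY = hashlib.sha256(b"terminal-303030-shared-secret").digest()


def _round(key: bytes, rnd: int, half: int) -> int:
    """Feistel round function: HMAC-SHA256 over (round number, 32-bit half),
    truncated to 32 bits."""
    digest = hmac.new(key, struct.pack(">BI", rnd, half), hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")


def encode_tag(key: bytes, seq: int, rounds: int = 8) -> int:
    """Reversible cipher over a 64-bit block, built as a Feistel network on HMAC.
    It stands in for a real block cipher (e.g. AES) so the example needs only
    the standard library; the structure, not the cipher choice, is the point."""
    left, right = seq >> 32, seq & 0xFFFFFFFF
    for r in range(rounds):
        left, right = right, left ^ _round(key, r, right)
    return (left << 32) | right


def decode_tag(key: bytes, tag: int, rounds: int = 8) -> int:
    """Inverse of encode_tag: run the rounds backwards."""
    left, right = tag >> 32, tag & 0xFFFFFFFF
    for r in reversed(range(rounds)):
        left, right = right ^ _round(key, r, left), left
    return (left << 32) | right


class Terminal:
    """Terminal side: one counter, one tag per message."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.seq = 0

    def next_tag(self) -> int:
        self.seq += 1
        return encode_tag(self.key, self.seq)


class CentralOffice:
    """CO side: decode the tag and check it is 'next' within a window."""

    def __init__(self, key: bytes, window: int = 8) -> None:
        self.key = key
        self.expected = 1          # lowest sequence number not yet received
        self.window = window       # how far ahead of 'expected' we accept
        self.seen: set[int] = set()  # received numbers above 'expected'

    def accept(self, tag: int) -> bool:
        seq = decode_tag(self.key, tag)
        # Below the window: an old tag (replay). Above it: a tag that does not
        # decode to anything sensible, i.e. made with the wrong key.
        if not (self.expected <= seq < self.expected + self.window):
            return False
        if seq in self.seen:
            return False           # duplicate inside the window: retransmit or replay
        self.seen.add(seq)
        # Slide the window forward over every contiguous number we now hold.
        while self.expected in self.seen:
            self.seen.discard(self.expected)
            self.expected += 1
        return True


def demo() -> dict[str, bool]:
    """Constructed exchange between terminal 303030 and the CO."""
    terminal = Terminal(TERMINAL_KEY)
    co = CentralOffice(TERMINAL_KEY)
    t1, t2, t3 = terminal.next_tag(), terminal.next_tag(), terminal.next_tag()
    return {
        "first": co.accept(t1),
        "replay_first": co.accept(t1),           # same tag again: rejected
        "third_before_second": co.accept(t3),    # message 2 delayed: still in window
        "late_second": co.accept(t2),            # arrives late: accepted once
        "forged": co.accept(encode_tag(b"attacker-guess", 4)),
    }
```

A tag made with the wrong key decodes to an effectively random 64-bit value, so it lands in the window with probability about window / 2^64. Note that this scheme only authenticates the sequence number, not the packet contents, which is why the answer above suggests folding a checksum of the message into the encoding as well.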
Clarification of Question by jon8600-ga on 26 Mar 2003 22:01 PST
Hi maniac-ga,
The method you describe is fine, except that preferably the message
#s shouldn't be in a sequence but rather generated randomly. This
would allow several nodes of a single sender terminal to utilize the
same private key, without requiring the updating of the "next" # on
all the nodes. It would also allow "lost" messages that for
various reasons aren't received by the CO not to disrupt the sequence
#.
I am rather unfamiliar with terms for cryptography, and I
understand that my question may be touching the very basics of it. I
need to complete some outline for a specification of a concept that
includes this functionality. In order for it to be comprehensive I would
appreciate it if you can reference webpages that provide the terms and
definitions for the required function.
Encrypting the message itself isn't required, all that's needed is to
verify the sender ID.
If you know of any existing tools that do this please provide a
reference.
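The random-tag variant asked for in the clarification above, serving the original question as well, as an added example that is not code from either participant. In standard terms the "private key" is a shared secret, the randomly generated message number is a nonce, the "tag key" is a message authentication code (here HMAC-SHA256) over the terminal ID, the nonce and the packet, and reuse of a tag is a replay. Because the nonce is random rather than a counter, any number of nodes can hold the same key with no coordination, and a message that never reaches the CO disturbs nothing. Assumptions: byte-string terminal IDs, a 128-bit nonce, the MAC truncated to 128 bits, and a constructed key and packets; the CO's "used" database is an in-memory set keyed by (terminal ID, nonce).

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # 128-bit random nonce; collisions among a billion tags per key are negligible
MAC_LEN = 16    # HMAC-SHA256 truncated to 128 bits


def make_tag(key: bytes, terminal_id: bytes, payload: bytes) -> bytes:
    """Terminal side: tag = nonce || HMAC(key, terminal_id || nonce || payload).
    Any node holding the key can call this without talking to the other nodes."""
    nonce = secrets.token_bytes(NONCE_LEN)
    mac = hmac.new(key, terminal_id + nonce + payload, hashlib.sha256).digest()[:MAC_LEN]
    return nonce + mac


class CentralOffice:
    def __init__(self) -> None:
        self.keys: dict[bytes, bytes] = {}            # terminal ID -> shared secret
        self.used: set[tuple[bytes, bytes]] = set()   # (terminal ID, nonce) already accepted

    def register(self, terminal_id: bytes, key: bytes) -> None:
        self.keys[terminal_id] = key

    def verify(self, terminal_id: bytes, payload: bytes, tag: bytes) -> str:
        """Returns "ok" or the reason the packet is rejected."""
        key = self.keys.get(terminal_id)
        if key is None:
            return "unknown terminal"
        if len(tag) != NONCE_LEN + MAC_LEN:
            return "malformed tag"
        nonce, mac = tag[:NONCE_LEN], tag[NONCE_LEN:]
        expected = hmac.new(key, terminal_id + nonce + payload, hashlib.sha256).digest()[:MAC_LEN]
        # Check the MAC (in constant time) before consulting the used list, so a
        # forger without the key learns nothing about which nonces have been seen.
        if not hmac.compare_digest(mac, expected):
            return "bad tag: wrong key or modified packet"
        if (terminal_id, nonce) in self.used:
            return "replay: tag already used"
        self.used.add((terminal_id, nonce))
        return "ok"


def demo() -> dict[str, str]:
    """Constructed exchange: terminal 303030 with two nodes sharing its key."""
    co = CentralOffice()
    key = secrets.token_bytes(32)
    co.register(b"303030", key)
    tag_a = make_tag(key, b"303030", b"reading=42")   # node A
    _lost = make_tag(key, b"303030", b"reading=43")   # node A; never reaches the CO
    tag_b = make_tag(key, b"303030", b"reading=44")   # node B, same key, no shared counter
    forged = make_tag(b"attacker-guess", b"303030", b"reading=1")
    return {
        "node_a": co.verify(b"303030", b"reading=42", tag_a),
        "node_b": co.verify(b"303030", b"reading=44", tag_b),
        "replay_a": co.verify(b"303030", b"reading=42", tag_a),
        "tampered": co.verify(b"303030", b"reading=99", tag_b),
        "forged": co.verify(b"303030", b"reading=1", forged),
        "unknown": co.verify(b"404040", b"reading=42", tag_a),
    }
```

Folding the payload into the MAC also covers the point raised in the clarification request about the message body being modified in transit, at no extra cost. The used list grows by one entry per accepted packet, so a real deployment needs an expiry policy for it (for instance a timestamp inside the MAC'd data with a bounded acceptance window), which this example leaves out.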